CSRF—Cross Site Request Forgery

Others 2021-01-22 13:28:15 views: null

CSRF—Cross Site Request Forgery

Principle: The cause of the csrf vulnerability is that the cookies of the website will not expire in the browser, forging requests for trusted users, as long as you do not close the browser or log out, then as long as you visit this website in the future, you will default to the status that you are already logged in. During this period, the attacker sends a constructed csrf script or a link containing csrf scripts, which may perform some functions that the user does not want to do (such as adding an account, etc.)

1. We opened the shooting range and found that it was a CMS. Since we know the background path, we directly enter the background login interface

Insert picture description here Enter the account password, enter the background,
and then click on the file manager, click on the new file.
At this time, we open burp. When modifying the file, use the packet capture tool to capture the modified data package
and then use the Burp tool to change it into a csrf attack File
Insert picture description here We first delete the newly created file, and then visit the web page created by BURP to find that it automatically jumps to our administrator background. We can use the built-in web page to prevent the
successful creation of the LB.php file, and the CSRF is successful

Guess you like

Origin blog.csdn.net/weixin_43264067/article/details/106441881

CSRF—Cross Site Request Forgery

csrf cross-site request forgery attacks,

Cross-Site Request Forgery (CSRF)

CSRF (cross-site request forgery)

On CSRF (cross-site request forgery) attacks

CSRF Cross-Site Request Forgery

CSRF — Cross-Site Request Forgery

Cross-Site Request Forgery (CSRF)

How to prevent Cross Site Request Forgery (CSRF)?

Pikachu-----CSRF (Cross Site Request Forgery)

ValidateAntiForgeryToken prevent CSRF (cross-site request forgery) ValidateAntiForgeryToken prevent CSRF (cross-site request forgery)

Cross-site request forgery (CSRF) and cross-domain problem

web security study notes (nine) CSRF (Cross-Site Request Forgery) Cross-Site Request Forgery

Cross-site request forgery (CSRF) Summary and defense

DVWA vulnerability Range - Cross-site request forgery (CSRF)

Django - csrf cross-site request forgery, Auth authentication module

Infiltration of the Basic - cross-site request forgery CSRF

pikaqiu practice platform (CSRF (cross-site request forgery))

Pikachu-- cross-site request forgery (CSRF)

pikachu Learning --CSRF (cross-site request forgery)

CSRF cross-site request forgery in penetration testing

Cryptography series: csrf cross-site request forgery

CSRF Supplement - Cross-Site Request Forgery FBV

JSF responds to Cross-Site Request Forgery (CSRF) attacks

CSRF (Cross Site Request Forgery Vulnerability) Detailed Explanation of Web Vulnerabilities

Browser security CSRF cross-site request forgery

What is a cross-site request forgery (CSRF) attack? How to prevent it?

CSRF cross-site forgery request attack-CSRF phishing adds administrator account and security precautions

(Vi) cross-site request forgery

MVC cross-site request forgery

Recommended

"U.S. Threats and Damage to Global Cyberspace Security and Development" report released

Ranking

[DP] expected [UVA1498] Activation

What is the ABAP Dynpro program

记录一下halcon例程报错和两个视觉库感兴趣区域绘制

characterReplacement-the longest repeated character after replacement

Target element by id somewhere within an element targeted by id

Test classification

NOI 8780 interceptor missile linear dp

Equipment inspection management wants to fine, light streams Weapon children

sql packet takes the value of the most

Computer java project recommendation SSM (Spring+SpringMVC+MyBatis) takeaway ordering management system

Daily

More

2024-04-29(5)

2024-04-28(12)

2024-04-27(29)

2024-04-26(22)

2024-04-25(32)

2024-04-24(30)

2024-04-23(30)

2024-04-22(5)

2024-04-21(0)

2024-04-20(6)